I'm setting up a Solaris 10 box to run Lawson application, which needs users to have Unix acounts, but the users will not be using interactive shell. To make it more secure, I'd rather not give them a valid shell. I know there's a trick by putting /noshell in the /etc/passwd file, but the problem is that useradd doesn't allow to use a non-executable for the shell value. I need to be able to use it though, as I can't be manually changing the /etc/passwd for every new user. I think another way of doing it is to specify /bin/false as the shell. On linux there's a specifc shell for this purpose, /sbin/nologin. But it doesn't seem to exist on Solaris. I'm wondering how else can his be done? Any suggestions?
The useradd command takes /usr/bin/false.
Out of curiosity, I don't know what Lawson is, but if it requires users to have unix logins, doesn't it require that users have a valid shell?
Yep, /usr/bin/false works. I wasn't sure it's the best way to do this but seems like it will do the job.
Lawson is an ERP application similar to SAP or PeopleSoft. In older versions a user actually would telnet into the box and use text-based menus. Nowadays they have a web portal, but they still need a user account to run reports and print jobs for individual users. I guess it's the same idea as apache needing a non-root account to start httpd instances. Why they can't accomplish it with just one user ID, I have no idea.